Re: [DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-22 Thread Stephane Bortzmeyer
On Sat, Mar 19, 2016 at 04:04:06PM -0400, Paul Hoffman wrote a message of 51 lines which said: > GOST is a "national algorithm", meaning that it is used almost > exclusively in only one country (in this case Russia). Five (5) domains in .fr are signed with GOST :-)

Re: [DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-21 Thread Paul Wouters
On Mon, 21 Mar 2016, Rose, Scott wrote: This draft should also serve to obsolete RFC 6944. Just submitted -01 which does that, and also adjusts the levels for GOST and ECDSAP384SHA384. https://tools.ietf.org/rfcdiff?url2=draft-wouters-sury-dnsop-algorithm-update-01.txt https://tools.ietf.org

Re: [DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-21 Thread Rose, Scott
This draft should also serve to obsolete RFC 6944. Scott On 19 Mar 2016, at 15:43, Paul Wouters wrote: > Hi, > > there was an interest in deprecating some DNSSEC related algorithms. > Ondrey and I wrote a draft that tries to introduce and deprecate > DNSSEC algorithms similar to how it has been

Re: [DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-20 Thread Paul Hoffman
On 20 Mar 2016, at 12:34, Ólafur Guðmundsson wrote: Yes, but that doesn't change what I said. Most of those domains are signed by one entity who can change easily if the operational market thinks that is a good idea. Right now there are two options for on-line signers GOST-ECC and ECDSAP256S

Re: [DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-20 Thread Ólafur Guðmundsson
On Sun, Mar 20, 2016 at 2:55 PM, Paul Hoffman wrote: > On 20 Mar 2016, at 10:55, Ólafur Guðmundsson wrote: > > On Sat, Mar 19, 2016 at 4:04 PM, Paul Hoffman >> wrote: >> >> [[ Dropping CURDLE because these discussions should only be in one WG ]] >>> >>>ECDSAP256SHA256 and ECDSAP384SHA384 pro

Re: [DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-20 Thread Paul Hoffman
On 20 Mar 2016, at 10:55, Ólafur Guðmundsson wrote: On Sat, Mar 19, 2016 at 4:04 PM, Paul Hoffman wrote: [[ Dropping CURDLE because these discussions should only be in one WG ]] ECDSAP256SHA256 and ECDSAP384SHA384 provide more strength for signature size than RSASHA256 and RSASHA512

Re: [DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-20 Thread Ólafur Guðmundsson
On Sat, Mar 19, 2016 at 4:04 PM, Paul Hoffman wrote: > [[ Dropping CURDLE because these discussions should only be in one WG ]] > >ECDSAP256SHA256 and ECDSAP384SHA384 provide more strength for >signature size than RSASHA256 and RSASHA512 variants. It is expected >to be raised to MUST

Re: [DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-20 Thread Suzanne Woolf
On Mar 19, 2016, at 4:04 PM, Paul Hoffman wrote: > [[ Dropping CURDLE because these discussions should only be in one WG ]] As a side note: the authors asked the chairs of both DNSOP and CURDLE where they should bring the draft; it seemed to at least the chairs that DNSOP should probably take

Re: [DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-19 Thread Paul Hoffman
[[ Dropping CURDLE because these discussions should only be in one WG ]] On 19 Mar 2016, at 15:43, Paul Wouters wrote: Hi, there was an interest in deprecating some DNSSEC related algorithms. Ondrey and I wrote a draft that tries to introduce and deprecate DNSSEC algorithms similar to how it h

[DNSOP] Introducing draft-wouters-sury-dnsop-algorithm-update

2016-03-19 Thread Paul Wouters
Hi, there was an interest in deprecating some DNSSEC related algorithms. Ondrey and I wrote a draft that tries to introduce and deprecate DNSSEC algorithms similar to how it has been done for IKE in RFC4307 and 4307bis: Comments, feedback would be great :) https://tools.ietf.org/html/draft-wou